/*
* Copyright (c) 2006-2010 Apple Inc. All Rights Reserved.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*//*!
@header CSCommonPriv
SecStaticCodePriv is the private counter-part to CSCommon. Its contents are not
official API, and are subject to change without notice.
*/
#ifndef_H_CSCOMMONPRIV
#define_H_CSCOMMONPRIV
#include<Security/CSCommon.h>
#ifdef__cplusplusextern"C" {
#endif/*!
@typedef SecCodeDirectoryFlagTable
This constant array can be used to translate between names and values
of CodeDirectory flag bits. The table ends with an entry with NULL name.
The elements are in no particular order.
@field name The official text name of the flag.
@field value The binary value of the flag.
@field signable True if the flag can be specified during signing. False if it is set
internally and can only be read from a signature.
*/typedefstruct {
constchar *name;
uint32_t value;
bool signable;
} SecCodeDirectoryFlagTable;
externconst SecCodeDirectoryFlagTable kSecCodeDirectoryFlagTable[];
/*!
Blob types (magic numbers) for blobs used by Code Signing.
@constant kSecCodeMagicRequirement Magic number for individual code requirements.
@constant kSecCodeMagicRequirementSet Magic number for a collection of
individual code requirements, indexed by requirement type. This is used
for internal requirement sets.
@constant kSecCodeMagicCodeDirectory Magic number for a CodeDirectory.
@constant kSecCodeMagicEmbeddedSignature Magic number for a SuperBlob
containing all the signing components that are usually embedded within
a main executable.
@constant kSecCodeMagicDetachedSignature Magic number for a SuperBlob that
contains all the data for all architectures of a signature, including any
data that is usually written to separate files. This is the format of
detached signatures if the program is capable of having multiple architectures.
@constant kSecCodeMagicEntitlement Magic number for a standard entitlement blob.
@constant kSecCodeMagicByte The first byte (in NBO) shared by all these magic
numbers. This is not a valid ASCII character; test for this to distinguish
between text and binary data if you expect a code signing-related binary blob.
*/typedef uint32_t SecCodeSignatureFlags;
enum {
kSecCodeMagicRequirement = 0xfade0c00, /* single requirement */
kSecCodeMagicRequirementSet = 0xfade0c01, /* requirement set */
kSecCodeMagicCodeDirectory = 0xfade0c02, /* CodeDirectory */
kSecCodeMagicEmbeddedSignature = 0xfade0cc0, /* single-architecture embedded signature */
kSecCodeMagicDetachedSignature = 0xfade0cc1, /* detached multi-architecture signature */
kSecCodeMagicEntitlement = 0xfade7171, /* entitlement blob */
kSecCodeMagicByte = 0xfa /* shared first byte */
};
/*!
Types of cryptographic digests (hashes) used to hold code signatures
together.
Each combination of type, length, and other parameters is a separate
hash type; we don't understand "families" here.
These type codes govern the digest links that connect a CodeDirectory
to its subordinate data structures (code pages, resources, etc.)
They do not directly control other uses of hashes (such as the
hash-of-CodeDirectory identifiers used in requirements).
*/enum {
kSecCodeSignatureNoHash = 0, /* null value */
kSecCodeSignatureHashSHA1 = 1, /* SHA-1 */
kSecCodeSignatureHashSHA256 = 2, /* SHA-256 */
kSecCodeSignatureHashPrestandardSkein160x256 = 32, /* Skein, 160 bits, 256 bit pool */
kSecCodeSignatureHashPrestandardSkein256x512 = 33, /* Skein, 256 bits, 512 bit pool */
kSecCodeSignatureDefaultDigestAlgorithm = kSecCodeSignatureHashSHA1
};
#ifdef__cplusplus
}
#endif
#endif //_H_CSCOMMON